ESET leading-edge technology

Continually developing leading-edge protection.

Our global research labs drive the development of ESET's unique technology

Today’s malware, being dynamic and often targeted, requires a multi-layered approach based on proactive and smart technologies. As far back as 20 years ago, ESET started to incorporate proactive technologies into its scanning engine and gradually implemented different layers of protection to strike at different stages of the cyber kill chain.

Now, ESET uses multi-layered technologies that go far beyond the capabilities of basic antivirus. The figure below shows various core ESET technologies and an approximation of when and how they can detect and/or block a threat during its lifecycle in the system.

Network attack protection

Network Attack Protection is an extension of firewall technology and improves detection of known vulnerabilities on the network level. It constitutes another important layer of protection against spreading malware, network-conducted attacks and exploitation of vulnerabilities for which a patch has not yet been released or deployed.

Reputation & cache

When inspecting a file or URL, before any scanning takes place, our products check the local cache for known malicious or whitelisted benign objects. This improves scanning performance. Afterwards, our ESET LiveGrid® Reputation System is queried for the object’s reputation (i.e. whether the object has already been seen elsewhere and classified as malicious). This improves scanning efficiency and enables faster sharing of malware intelligence with our customers.

DNA Detections

Detection types range from very specific hashes to ESET DNA Detections, which are complex definitions of malicious behavior and malware characteristics.

While malicious code can be easily modified or obfuscated by attackers, the behavior of objects cannot be changed so easily, and ESET DNA Detections are designed to take advantage of this principle.

We perform deep analysis of the code and extract “genes” that are responsible for its behavior and construct ESET DNA Detections, which are used to assess potentially suspect code, whether found on the disk or in the running process memory.

DNA Detections can identify specific known malware samples, new variants of a known malware family or even previously unseen or unknown malware which contains genes that indicate malicious behavior.

Exploit Blocker monitors typically exploitable applications (browsers, document readers, email clients, Flash, Java, and more) and instead of just aiming at particular CVE identifiers it focuses on exploitation techniques. When triggered, the behavior of the process is analyzed and, if it is considered suspicious, the threat may be blocked immediately on the machine.

This technology is under constant development, and new methods of detection are added regularly to cover new exploitation techniques.

Advanced memory scanner

Advanced Memory Scanner is a unique ESET technology which effectively addresses an important issue of modern malware – heavy use of obfuscation and/or encryption. To tackle these issues, Advanced Memory Scanner monitors the behavior of a malicious process and scans it once it decloaks in memory.

Moreover, there is a new trend in advanced malware: some malicious code now operates "in-memory only", without needing persistent components in the file system that can be detected conventionally. Only memory scanning can successfully discover such malicious attacks and ESET is ready for this new trend with its Advanced Memory Scanner.

Cloud malware protection system

The ESET Cloud Malware Protection System is one of several technologies based on ESET’s LiveGrid® cloud system. Unknown, potentially malicious applications and other possible threats are monitored and submitted to the ESET cloud via the ESET LiveGrid® Feedback System.

The samples collected are subjected to automatic sandboxing and behavioral analysis, which results in the creation of automated detections if malicious characteristics are confirmed. ESET clients learn about these automated detections via the ESET LiveGrid® Reputation System without the need to wait for the next detection engine update.

Botnet protection

ESET Botnet Protection detects malicious communication used by botnets, and at the same time identifies the offending processes. Any detected malicious communication is blocked and reported to the user.